PatchSiren cyber security CVE debrief

CVE-2025-13844 Schneider Electric CVE debrief

CVE-2025-13844 is a user-assisted double-free vulnerability in Schneider Electric EcoStruxure Power Build Rapsody that may lead to heap memory corruption when an end user imports a malicious SSD project file shared by an attacker. Schneider Electric and CISA rate the issue as Medium, and the advisory provides fixed releases plus temporary handling guidance for environments that cannot patch immediately.

Vendor: Schneider Electric
Product: EcoStruxure Power Build Rapsody software
CVSS: 5.3 (Medium)
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-01-13
Original CVE updated: 2026-03-17
Advisory published: 2026-01-13
Advisory updated: 2026-03-17

Who should care

Organizations using EcoStruxure Power Build Rapsody, especially engineering, operations, and security teams that exchange SSD project files with partners, contractors, or other external sources. This is most relevant where users routinely open third-party project files on systems running affected Rapsody versions.

Technical summary

The advisory describes a double-free condition in Rapsody’s handling of imported SSD project files. Triggering the flaw requires user interaction: an end user must import a malicious project file into the application. The stated impact is heap memory corruption; the supplied advisory text assigns a Medium severity and a local, user-assisted attack profile.

Defensive priority

Medium. Patch promptly if Rapsody is used to import externally sourced project files, and raise priority further in environments where file exchange is common or tightly coupled to engineering workflows.

Recommended defensive actions

  • Install a fixed version of EcoStruxure Power Build Rapsody: FR V2.8.1.0401, INT V2.8.6.200, or ES V2.8.5.0301, as applicable.
  • For Belgian releases, use BEL(NL) V2.8.3.0201 or BEL(FR) V2.8.8.0201 and contact Schneider Electric Customer Care Center for assistance if needed.
  • Restart the service after installing the updated version.
  • If patching is delayed, only open projects from trusted sources.
  • Scan externally created project files for malware before opening them.
  • Review and apply CISA ICS recommended practices and defense-in-depth guidance for layered protection around engineering workstations and file exchange workflows.
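As an added example (not from the advisory or from PatchSiren), a small Python triage script that checks an inventory of Rapsody installs against the per-edition fixed releases listed above; the host names, edition labels and the inventory line format are constructed for illustration. It compares each build only against its own edition's fixed release, since the regional editions follow different version lines.

```python
"""Triage EcoStruxure Power Build Rapsody installs against the fixed releases
in the CVE-2025-13844 advisory. Fixed versions are the advisory's; hosts,
edition labels and the inventory line format are constructed."""
import re

# Minimum fixed release per regional edition, as listed in the advisory.
# Editions follow different version lines, so a build is compared only
# against its own edition's fixed release, never across editions.
FIXED_RELEASES = {
    "FR": "V2.8.1.0401",
    "INT": "V2.8.6.200",
    "ES": "V2.8.5.0301",
    "BEL(NL)": "V2.8.3.0201",
    "BEL(FR)": "V2.8.8.0201",
}

def parse_version(text):
    """'V2.8.1.0401' -> (2, 8, 1, 401); the leading 'V' is optional."""
    match = re.fullmatch(r"V?(\d+(?:\.\d+)*)", text.strip())
    if not match:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))

def is_fixed(edition, version):
    """True when version is at or above its own edition's fixed release."""
    return parse_version(version) >= parse_version(FIXED_RELEASES[edition])

def triage(inventory_lines):
    """Lines are 'host,edition,version' (constructed format). Returns
    {host: 'patched' | 'vulnerable' | 'unknown-edition'}."""
    status = {}
    for line in inventory_lines:
        host, edition, version = (f.strip() for f in line.split(",", 2))
        if edition not in FIXED_RELEASES:
            status[host] = "unknown-edition"  # flag for review, never guess
        elif is_fixed(edition, version):
            status[host] = "patched"
        else:
            status[host] = "vulnerable"
    return status

# Constructed sample inventory, not real assets.
SAMPLE_INVENTORY = [
    "eng-ws-01, FR, V2.8.1.0401",       # exactly the FR fixed release
    "eng-ws-02, INT, V2.8.6.100",       # below INT fixed build 200
    "eng-ws-03, ES, V2.8.6.0100",       # above ES fixed 2.8.5.0301
    "eng-ws-04, BEL(NL), V2.8.2.0500",  # below BEL(NL) fixed 2.8.3.0201
    "eng-ws-05, OEM, V2.8.9.0001",      # edition not in the advisory
]
```

Any host reported as "vulnerable" or "unknown-edition" still needs the fixed release installed and the service restarted, per the advisory.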

Evidence notes

The CISA CSAF advisory (ICSA-26-015-10) and Schneider Electric SEVD-2026-013-04 materials both state that a malicious SSD project file can trigger a double-free leading to heap memory corruption in Rapsody. The remediation section lists fixed versions and explicitly notes that the service should be restarted after installation. The advisory revision history shows republication and later updates, including removal of a Belgium fix link on 2026-03-10 and again on 2026-03-17. Supplied enrichment marks the issue as not KEV-listed.

Official resources

Publicly disclosed on 2026-01-13 via CISA’s republication of Schneider Electric’s SEVD-2026-013-04 advisory; last modified on 2026-03-17 (Update A).